diff options
author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2006-09-03 20:25:09 +0000 |
---|---|---|
committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2006-09-03 20:25:09 +0000 |
commit | f0101edab9503cc249c43365c764159d93ba88ee (patch) | |
tree | e8bcf2184b27b1d553b8f9c2603e2c5ad510062d | |
parent | c01b8aab83eafc1186494f92fe3ec780479b60df (diff) |
Dont report that the key has expired when it hasnt
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5127 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 071c1d961..f45334e7e 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -61,6 +61,11 @@ public: static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx) { + /* XXX: This will allow self signed certificates. + * In the future if we want an option to not allow this, + * we can just return preverify_ok here, and openssl + * will boot off self-signed and invalid peer certs. + */ return 1; } @@ -91,8 +96,6 @@ class ModuleSSLOpenSSL : public Module ModuleSSLOpenSSL(InspIRCd* Me) : Module::Module(Me) { - - culllist = new CullList(ServerInstance); // Not rehashable...because I cba to reduce all the sizes of existing buffers. @@ -717,16 +720,10 @@ class ModuleSSLOpenSSL : public Module certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n))); } - if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == -1)) + if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == 0)) { certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate")); } - - /*if (cert->name) - { - certinfo->data.insert(std::make_pair("dn",cert->name)); - }*/ - } }; |